_grokparsefailure on kibana for record through logstash

kish2010 · October 19, 2021, 10:19am

Hi All,
I have created grok pattern and tested with log on grokdebugger but still it is failing with grokparsefailure error on kibana.

PFB Config file:-
input {
file {
path => "/tmp/test.csv"
}
}
filter {
grok {
match => { "message" => [ "(?.)^|^(?<log_type>.)^|^(?<record_UUID>.)^|^(?.)^|^(?.)^|^(?.)^|^(?.)^|^(?.)^|^(?<event_ts>.)^|^(?.)^|^(?<time_taken_in_ms>.)^|^(?.)^|^(?<as_snap>.)^|^(?.)" ]
}
}
mutate
{
remove_field => [ "message" ]
}
output {
Elasticsearch {
hosts => ["http://x.x.x.x:9200"]
index => "test"
}
}

grumo35 · October 19, 2021, 12:12pm

Hi,

Can you show the log sample ?

And what message field to you obtain in elastic ?

system · November 16, 2021, 12:13pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.